Product Security

Healthcare IT professionals should take the time to review Carestream Health's product security documentation, these documents provide a high-level overview of the security configurations related to the operating systems for our products. Additional documentation assists customers in their purchasing decision related to the requirements and product capability specified by the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.
Many International security regulations require healthcare providers and payers to protect patient information from improper access, modification, and catastrophe loss. Carestream Health is committed to providing industry leading security capabilities in our products and service delivery.

Manufacturers Disclosure Statement for Medical Device Security (MDS2)
The Manufacturers Disclosure Statement for Medical Device Security provides customers with HIPAA-related security information about their products and services. The MDS 2 is endorsed by the American College of Clinical Engineering (ACCE), ECRI (formerly the Emergency Care Research Institute), Healthcare Information and Management Systems Society (HIMSS) and the National Electrical Manufacturers Association (NEMA).

Carestream Health is an active member of the Medical Device Security Workgroup and supports the use of the MDS 2. For greater details, go to Manufacturer Disclosure Statement for Medical Device Security. The following links contain product security information outlined in the MDS 2.

Our current-generation digital medical products carry the CARESTREAM brand, except in a few instances where we will continue to license the KODAK brand. for use on selected products. While we no longer market previous-generation products carrying the KODAK brand, we will continue to provide technical/support information -- like that contained below -- to customers who previously purchased these products.

Digital Capture Systems 


Cone Beam CT (CBCT)

Digital Output Systems

Healthcare Information Solutions

Product Security Assessment

Carestream Health has recognized that healthcare informatics’ requires a consistent approach in the product design stage to address privacy and security requirements. Carestream Health has taken extensive steps to harden the Windows and Solaris Operating Systems and to secure system access beyond the vendors default configuration. These steps include removal or disabling services, accounts, and ports that are not required for clinical operation. During product development standard testing procedures using vulnerability scanners are used to analyze the device for security vulnerabilities and assessing the configuration against National Security Agency (NSA) Hardening Guidelines, as well as requirements specified in security regulations.

To our customers, Carestream Health provides documentation below of our product security assessments.

Digital Capture Systems

Digital Output Systems (PDF)